netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
9.79k stars 424 forks

yubikey interoperability #1207

Open WGandy opened 8 months ago

WGandy commented 8 months ago

I'd like to be able to "enable" the netbird client on any/all platforms with a yubikey (or other external hardware 2FA systems).

The current vision I have is that the client device can be allowed to participate on the netbird network for predetermined periods of time and/or in interaction with other authorization processes or actions. For instance, the VPN connection could be enabled when the yubikey is plugged into the device (or detected with NFC) and will continue to work for 2 hours. The connection would need to be "re-upped" by the yubikey within that 2-hour period for non-disrupted functionality. Ideally, this process of authorizing the client would happen with as little UI interaction as possible, hopefully without any dialog boxes, such that simply tapping the yubikey to a mobile device would keep the connection live.

I'm sheepishly ignorant about the implementation details necessary, but I'm sure that there are many issues involved, like the encryption of the connection information and the destruction of such information if the client is deleted and reinstalled.

mlsmaycon commented 8 months ago

Thanks, @WGandy, for the request. Yubikey is definitely in our plans, and we will share more details once we have a more concrete view on how to integrate it with NetBird and WireGuard.